Re: [RFC][PATCH] Generic fallback for security xattrs

From: Chris Wright (chrisw@private)
Date: Mon Jul 25 2005 - 21:25:59 PDT


* Casey Schaufler (casey@schaufler-ca.com) wrote:
> --- Chris Wright <chrisw@private> wrote:
> > We store labels as extended attributes in a reserved namespace
> > ("security.").  Thus a mac_get_file() is simply a library wrapper
> > around getxattr.  The namespace for security labels is reserved and
> > security checks for those labels are handled by the security modules.
> 
> So if ls calls mac_get_file the security module
> identifies the namespace as one with specific
> rules and treats the information with reverence
> appropriate to the namespace. But are ACLs
> and Sensitivity Labels treated the same, or
> as appropriate to each?

Separate namespace, so appropriate for each.

> > I don't see what exactly you are taking issue with.
> 
> I'm not, for a change. Simply describing how
> Trix does it.

Heh, alright.

thanks,
-chris


